Introduction to Network Virtualization in IaaS Cloud
Akane Matsuo, [email protected], Midokura Japan K.K.
LinuxCon Japan 2013 May 31st, 2013
Copyright ©2012 Midokura All rights reserved
About myself
* NTT Communications (2001.4): OCN, Verio, Arcstar… got some background in network products… but not an engineer :p
* Joined Midokura (2011.3) as employee #9(?)
* Senior Manager = do everything but coding
* Trying to build the ecosystem of network virtualization
How I met network virtualization, a.k.a. Midokura
I don't know anything about cloud networks… but let's jump on the bandwagon!!!
My presentation today is about…
What is network virtualization for IaaS Cloud, and why does it matter?
What I found #1: What is IaaS Cloud?
CPU, memory, storage, network: you can get as much computing resource as you need, only when you need it.
Free from deployment, operation, troubleshooting… Everyone is happy….!?
What I found #2: Cloud has been growing...
(Figure: http://blogs-images.forbes.com/louiscolumbus/files/2013/02/Figure-1-Cloud-Computing-Growth.jpg)
Which means the cloud installed base is growing.
What I found #3: Who takes care of the troublesome network?
What happens if more and more people create VMs with the click of a button, everywhere?
* An article in '09 says 50K instances are born in AWS every day (1).
(1) Source: http://www.datacenterknowledge.com/archives/2009/09/21/ec2-adding-50000-instances-a-day/
We need to think about how to build a network for IaaS Cloud!
What would be the best network for a cloud environment?
"Flat L2 network! It's simple!"
"But you can't create a multi-tenant environment!"
"How about VLAN then!?"
"Management would be so complicated!"
What is the best network for a cloud environment?
The network gets more and more complicated…
"Actually, we want L3 too…"
"Firewall and load balancer please!"
Let's start from a typical IaaS Cloud network, for example AWS or OpenStack.
What are the requirements for IaaS Cloud?
(Figure: example IaaS Cloud network. Tenant/Project A has Network A1 (VM1, VM3) and Network A2 (VM5) on Virtual L2 Switch A1 and Virtual L2 Switch A2 behind the Tenant A Virtual Router; Tenant/Project B has Network B1 (VM2, VM4) on Virtual L2 Switch B1, VM6, a Tenant B Virtual Router and a Tenant B VPN Router to the Tenant B office (Office Network); both tenant routers connect to the Provider Virtual Router (L3), which has the uplink.)
Requirements
* Isolated tenant network (virtual data center)
* Isolated L2 networks
* L3 isolation (similar to VPC and VRF)
* Redundant, optimized and fault-tolerant paths to the Internet (e.g. via BGP)
* Fault-tolerant devices and links
* NAT, LB, and filtering (firewalls)
* L3 (and L2) VPNs
* DHCP, DNS and other services
* Minimize ARP broadcasts by exploiting CMS config
* RESTful API for CMS integration and direct tenant access
How do we build it?
How to build an IaaS Cloud network?
1. Virtualized physical devices
2. OpenFlow-based hop-by-hop switching fabric
1. Virtualized physical devices: VLAN
* 4096 limit on the number of unique tags
* Large spanning trees terminating on many hosts
* High churn in switch control planes due to MAC learning
* Need MLAG for L2 multi-path (vendor specific)
1. Virtualized physical devices: MPLS VPN
* Often used by carriers/telcos, but technically too advanced for IaaS
* Hardware can be very expensive
1. Virtualized physical devices: VRF
* Not scalable to cloud scale
* Expensive hardware
* Not fault tolerant (HSRP?)
* L2 and L3 isolation only. What about NAT, LB, FW?
(Figure: VRF-lite example with Core (VLAN 10, 11, 12), Product (VLAN 20, 21, 22) and Sales (VLAN 99) in separate VRFs; source: http://infrastructureadventures.com/tag/vrf-lite/)
2. OpenFlow hop-by-hop switch fabric
(Figure: OpenFlow switches programmed by an OpenFlow controller cluster)
* State in each switch is proportional to the virtual network state
* Not scalable, not fast enough to update, and no atomicity of updates
* Fault tolerant?
Can't we do this better?
How to build an IaaS Cloud network?
1. Virtualized physical devices
2. OpenFlow-based hop-by-hop switching fabric
3. Edge-to-edge overlays
3. Overlays address the issues of the IaaS Cloud network
(Figure: VMs attached to edges; edges tunnel to each other across the underlay)
* Virtual network changes don't affect underlay state
* Use a scalable IGP to build a multi-path underlay with cheap HW
* IP encapsulation provides isolation without using VLANs
* Decoupled from the physical network: wired once
Market trends that accelerate IP overlays
1. Packet processing on x86 CPUs (at the edge)
   • Intel DPDK facilitates packet processing
   • Number of cores in servers increasing fast
2. Clos networks (for the underlay)
   • Spine-and-leaf architecture with IP
   • Economical and high E-W bandwidth
3. Merchant silicon (cheap IP switches)
   • Broadcom, Intel (Fulcrum Micro), Marvell
   • ODMs (Quanta, Accton) starting to sell directly
   • Switches are becoming just like Linux servers
4. Optical intra-DC networks
Overlays are the right approach! But not sufficient: we need a scalable control plane.
Scalable control plane for overlays
(Figure: VMs on edges, a control plane (CP) instance at every edge, an edge gateway to the Internet, and a replicated stateful database (DB))
* Intelligence at the edge: scalable and fault tolerant
* Stateful database
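The last few slides describe a design that can be put into concrete terms: tenant isolation through IP encapsulation rather than VLAN tags, ARP answered from the cloud management system's configuration instead of being broadcast, and a stateful store feeding per-edge intelligence. The following is an added example for this page, not code from the slides or from MidoNet. It assumes a VXLAN-style 24-bit virtual network identifier (VNI) in the outer header and a CMS-populated topology store; every class and name in it (TopologyStore, Edge, InnerFrame, OverlayPacket, run_demo) is hypothetical, and the two-edge, two-tenant topology is constructed sample data.

```python
# Toy edge-to-edge IP overlay with per-tenant isolation. Added example, not
# code from the slides or from MidoNet. Assumed, not stated on the page: a
# VXLAN-style 24-bit VNI in the outer header and a CMS-populated topology
# store. Every class and name below is hypothetical.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MAX_VLAN_ID = 4094        # usable 802.1Q tags (1..4094): the VLAN ceiling
MAX_VNI = (1 << 24) - 1   # 24-bit VNI space assumed for the overlay

@dataclass(frozen=True)
class InnerFrame:
    """Tenant frame as the VM sent it; its addressing is private to the tenant."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    payload: bytes

@dataclass(frozen=True)
class OverlayPacket:
    """Encapsulated frame: outer (underlay) IP header + VNI + inner frame."""
    outer_src: str
    outer_dst: str
    vni: int
    inner: InnerFrame

class TopologyStore:
    """Stateful store fed by the CMS: which edge hosts each (VNI, MAC), and its IP."""
    def __init__(self) -> None:
        self.location: Dict[Tuple[int, str], str] = {}  # (vni, mac) -> edge underlay IP
        self.arp: Dict[Tuple[int, str], str] = {}       # (vni, ip)  -> mac

    def register(self, vni: int, mac: str, ip: str, edge_ip: str) -> None:
        if not 0 <= vni <= MAX_VNI:
            raise ValueError(f"VNI {vni} outside the 24-bit range")
        self.location[(vni, mac)] = edge_ip
        self.arp[(vni, ip)] = mac

class Edge:
    """Hypervisor edge doing encapsulation; the underlay only routes outer IPs."""
    def __init__(self, underlay_ip: str, topo: TopologyStore) -> None:
        self.underlay_ip = underlay_ip
        self.topo = topo
        self.ports: Dict[Tuple[int, str], str] = {}  # local (vni, mac) -> VM port
        self.dropped: List[str] = []

    def attach(self, vni: int, mac: str, ip: str, port: str) -> None:
        self.ports[(vni, mac)] = port
        self.topo.register(vni, mac, ip, self.underlay_ip)

    def resolve_arp(self, vni: int, ip: str) -> Optional[str]:
        """Answer ARP from CMS state instead of broadcasting into the overlay."""
        return self.topo.arp.get((vni, ip))

    def send(self, vni: int, frame: InnerFrame) -> Optional[OverlayPacket]:
        """Encapsulate toward the edge hosting dst_mac in this VNI; never flood."""
        remote = self.topo.location.get((vni, frame.dst_mac))
        if remote is None:
            self.dropped.append(f"vni {vni}: unknown destination {frame.dst_mac}")
            return None
        return OverlayPacket(self.underlay_ip, remote, vni, frame)

    def receive(self, pkt: OverlayPacket) -> Optional[str]:
        """Decapsulate; deliver only to a local port in the packet's own VNI."""
        if pkt.outer_dst != self.underlay_ip:
            self.dropped.append("outer destination is not this edge")
            return None
        port = self.ports.get((pkt.vni, pkt.inner.dst_mac))
        if port is None:  # same MAC in another VNI is another tenant: never match on MAC alone
            self.dropped.append(f"vni {pkt.vni}: no local port for {pkt.inner.dst_mac}")
        return port

def run_demo() -> Dict[str, object]:
    """Two tenants reusing identical MAC/IP addressing on the same two edges (constructed data)."""
    topo = TopologyStore()
    edge1, edge2 = Edge("10.1.1.1", topo), Edge("10.1.1.2", topo)
    vni_a, vni_b = 100, 200
    edge1.attach(vni_a, "02:00:00:00:00:01", "192.168.0.1", "tapA1")
    edge2.attach(vni_a, "02:00:00:00:00:03", "192.168.0.3", "tapA3")
    edge1.attach(vni_b, "02:00:00:00:00:02", "192.168.0.1", "tapB2")
    edge2.attach(vni_b, "02:00:00:00:00:03", "192.168.0.3", "tapB4")
    # Tenant A: resolve 192.168.0.3 without an ARP broadcast, then send to it.
    dst = edge1.resolve_arp(vni_a, "192.168.0.3")
    pkt_a = edge1.send(vni_a, InnerFrame("02:00:00:00:00:01", dst, "192.168.0.1", "192.168.0.3", b"hello"))
    port_a = edge2.receive(pkt_a)
    # Tenant B: same destination MAC and IP, but its own VNI, hence its own port.
    pkt_b = edge1.send(vni_b, InnerFrame("02:00:00:00:00:02", "02:00:00:00:00:03", "192.168.0.1", "192.168.0.3", b"hi"))
    port_b = edge2.receive(pkt_b)
    # Tenant A addressing a MAC that exists only in tenant B: dropped at the sender.
    cross = edge1.send(vni_a, InnerFrame("02:00:00:00:00:01", "02:00:00:00:00:02", "192.168.0.1", "192.168.0.1", b"x"))
    return {"port_a": port_a, "port_b": port_b, "cross_tenant": cross,
            "outer_dst": pkt_a.outer_dst, "vni_space": MAX_VNI,
            "vlan_space": MAX_VLAN_ID, "sender_drops": list(edge1.dropped)}

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running it shows the isolation property the slides claim: the two tenants' frames, addressed to the same MAC and IP, reach different ports because delivery is keyed on (VNI, MAC) and never on MAC alone; a frame whose destination exists only in the other tenant's network is dropped at the sending edge instead of being flooded; and the underlay only ever sees the outer edge addresses 10.1.1.1 and 10.1.1.2, so adding a tenant changes nothing in the underlay.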
MidoNet
* MidoNet = Overlay + Network Functions (L2, L3, Firewall, DNS, BGP, etc.)
* Scalable, distributed control plane
* No VLAN, easy to manage
* Designed for IaaS Cloud from day one
Please come talk to us later.
Summary
* IaaS Cloud needs a virtualized network designed for IaaS Cloud
* There are various technologies such as VLAN, but overlay is the right approach!
* Plus, we need a scalable control plane!
Questions?